thr3ads.net - samba - [Samba] Trouble Using Samba 3.5.6 in ADS Domain [Feb 2011]

If this information is useful, please help other people find it:
Share via:

Robert Einsle

2011-Feb-24 00:00 UTC

[Samba] Trouble Using Samba 3.5.6 in ADS Domain

Hy List,

i try to use a newly installed Samba 3.5.6 in an ADS Domain.

firstly i configured kerberos, it works. I can "kinit administrator",
"klist", works.

secondly i configured samba:

smb.conf:

--- cut ---
   workgroup = KINDER
   netbios name = DSCHUNGEL
   realm = KINDER.LAN
   security = ADS
   wins server = 192.168.120.15
   passdb backend = tdbsam
   load printers = yes
   printing = cups
   printcap name = cups
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   create mask = 0775
   directory mask = 0775
   dos charset = ISO8859-1
   idmap backend = ad
   winbind nss info = rfc2307
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = Yes
   winbind nested groups = Yes
   idmap uid = 2500-20000
   idmap gid = 2500-20000
   template shell = /bin/bash
   dns proxy = no
   encrypt passwords = true
   preferred master = no
   template homedir = /home/%U
   enhanced browsing = no
--- cut ---

After "net ads join -U administrator" i can query Users from ads with
"wbinfo -u" and groups witch "wbinfo -g"

The next step will be that Users can login to the Server.

nsswitch.conf:
--- cut ---
passwd:         compat winbind
group:          compat winbind
shadow:         compat winbind
--- cut ---

But a "getent passwd" dont shows me users from the ADS.

Is anything missing?

I've done it with this article:
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081/Join-Samba-3-to-Your--Active-Directory-Domain.htm

Any hints?

Thanks a lot

Robert

-- 

Robert Einsle
robert at einsle.de
http://www.einsle.de

Greg Byshenk

2011-Feb-24 22:03 UTC

head link

[Samba] Trouble Using Samba 3.5.6 in ADS Domain

On Thu, Feb 24, 2011 at 01:00:36AM +0100, Robert Einsle wrote:

[...]
 > nsswitch.conf:
> --- cut ---
> passwd:         compat winbind
> group:          compat winbind
> shadow:         compat winbind
> --- cut ---
> 
> But a "getent passwd" dont shows me users from the ADS.
> 
> Is anything missing?
> 
> I've done it with this article:
>
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081/Join-Samba-3-to-Your--Active-Directory-Domain.htm
> 
> Any hints?

That article doesn't want to load for me at the moment, so I can't see
what
it says, but your 'nsswitch.conf' looks wrong.

If you are using 'compat', then it needs to be the only entry for the
database;
you can't use 'compat' + something. 

I think you want either:
 
	passwd:         winbind
	group:          winbind
	shadow:         winbind

or:
 
	passwd:         compat
	passwd_compat:  winbind
	group:          compat
	group_compat:   winbind
	shadow:         compat
	shadow_compat:  winbind


-- 
greg byshenk  -  gbyshenk at byshenk.net  -  Leiden, NL

Reasonably Related Threads

Search for more maybe matching threads

samba - Feb 2011 - Trouble Using Samba 3.5.6 in ADS Domain

[Samba] Trouble Using Samba 3.5.6 in ADS Domain

[Samba] Trouble Using Samba 3.5.6 in ADS Domain

Reasonably Related Threads